Windows 10 UWP vulnerability could give developer access to file system

A Universal Windows Platform (UWP) vulnerability was quietly fixed in the Microsoft October 2018 patch update. 

The earlier versions of Windows 10 UWP feature wasn’t informing users when applications request permission to access the user’s files. 

The bug was discovered by a .NET developer Sébastien Lachance, after an enterprise app he built suddenly broke after the October update.

“The bug in the Windows ‘broadFileSystemAccess’ API could have given a malicious developer of Universal Windows Platform (UWP) apps access to all a user’s documents, photos, downloads, and files stored in OneDrive,” ZDNet reports

Leave a Comment

Your email address will not be published. Required fields are marked *